School units in the Edmonton area affected by the PowerSchool breach

Edmonton Catholic School Division (ECSD) and St. Alberta is among several provincial school boards affected by the student information system vendor’s data breach.

In a message emailed to families Wednesday afternoon and in the notice posted on the department’s websiteECSD said it was working with US-based PowerSchool to determine exactly what data had been accessed.

Families can use the cloud-based software to check their child’s grades or pay tuition, although ECSD said “no financial information was accessed or stored in PowerSchool.”

“PowerSchool has assured us that the incident is contained and that they have increased their security measures to prevent future breaches. PowerSchool operations remain unchanged and service continues as normal,” ECSD said in a statement.

“Also, you don’t need to change your password because it doesn’t affect your login credentials.”

To the families of public schools of St. Albert was also told by email that financial data and passwords had not been compromised, but that names, dates of birth, phone numbers and home/postal addresses had been “exported” from individual accounts.

“We understand that news like this can be alarming, and we want to assure you that we are doing everything we can to address the situation responsibly and proactively,” the department said, promising to provide more information as it becomes available.

According to the PowerSchool website, 76 percent of students in Canada use this software.

CTV News Edmonton is reaching out to other local school boards to determine if they are using PowerSchool and if they have been affected.

Edmonton Public Schools uses PowerSchool but says it was not affected by the breach.

So far, school boards in Alberta, Ontario and Newfoundland and Labrador have reported being affected by the breach, according to The Canadian Press. It is used internationally.

Cyber ​​hacking on December 28

PowerSchool says on Dec. 28 it became aware of “unauthorized access to certain information through one of our community-based customer support portals,” called PowerSource.

An investigation confirmed that an unauthorized party gained access to PowerSchool customer data, the company told customers in a letter distributed by ECSD.

“As soon as we became aware of a potential incident, we immediately engaged our cybersecurity response protocols and mobilized a cross-functional response team, including senior management and third-party cybersecurity experts. We have also informed the law enforcement authorities,” the letter says.

Although the data involved families and teachers, PowerSchool called the incident contained and said it found no evidence of malware or ongoing unauthorized activity.

“Rest assured, we have taken all necessary measures to prevent further unauthorized access or misuse of data. We do not expect this data to be shared or made public, and we believe it has been removed without further copying or distribution.”

With files from The Canadian Press